I'm saying that for a hosted site style deployment one shouldn't attempt to cover the lot with a single point of inspection.
If/when PFSense offers virtualized instances like say Juniper VSYS, then each site [cw]ould have its own dedicated firewall/I[DP]S instance. Change control etc can then be applied at the most appropriate level.

> -----Original Message-----
> From: Tony Zakula [mailto:tonyzak...@gmail.com]
> Sent: 10 February 2011 3:36 PM
> To: discussion@pfsense.com
> Subject: Re: [pfSense-discussion] Considering Switching to Pfsense
>
> Wow! Cool. So the IDS is built in.
>
> Greg, are you saying you can enable or disable Snort on an ip address
> basis? Some ips get it and some do not? Can you expound on that a
> little? I always assumed it was firewall wide, or are you saying each
> hosted site would have their own IDS or paying customers would be
> behind another router/firewall?
>
> Thanks for all this great info!
>
> Tony
>
> On Thu, Feb 10, 2011 at 9:30 AM, Greg Hennessy <greg.henne...@nviz.net> wrote:
> > For hosted sites, I would suggest enablement on a site by site basis.
> >
> > A change control snafu/bad update could kill everything otherwise.
> >
> > From: Tim Dressel [mailto:tjdres...@gmail.com]
> > Sent: 10 February 2011 3:29 PM
> > To: discussion@pfsense.com
> > Subject: Re: [pfSense-discussion] Considering Switching to Pfsense
> >
> > The snort plugin has this functionality built in. Just enter your oink code
> > and set how often you want it to update.
> >
> > On Thu, Feb 10, 2011 at 7:16 AM, Tony Zakula <tonyzak...@gmail.com> wrote:
> >
> > Yes, but I was just wondering if this is routing for say several
> > hundred hosted sites, if it would be appropriate to do that on the
> > main router or not. I guess you could start with that, but then turn
> > it off right?
> >
> > How then do people update their rules if they are using say snort?
> > Purchase a contract direct? Any other solutions out there for
> > Pfsense?
> >
> > Tony Z
> >
> > On Thu, Feb 10, 2011 at 2:38 AM, Greg Hennessy <greg.henne...@nviz.net> wrote:
> >>
> >>>
> >>> Any thoughts on whether IDS is appropriate at the perimeter or not?
> >>>
> >>
> >> If you take a look at any serious commercial firewall offering on the
> >> market, integrated IDS/IPS is the order of the day.
> >>
> >> More sophisticated solutions offer application control.
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
> >> For additional commands, e-mail: discussion-h...@pfsense.com
> >>
> >> Commercial support available - https://portal.pfsense.org